Refactor golangci-lint configuration and improve error handling
- Updated .golangci.yml to enable default linters and refine suppression rules, enhancing code quality visibility. - Improved error handling in cmd/root.go by explicitly discarding low-value error messages during fatal exits for consistency with errcheck posture. - Added best-effort error handling in various locations across the codebase, ensuring that non-critical errors are logged without affecting overall functionality. - Introduced a new writeMetricsText function to streamline metrics output, improving code clarity and maintainability.
This commit is contained in:
+52
-38
@@ -1,5 +1,9 @@
|
||||
# .golangci.yml - reasonable defaults for steamcache2
|
||||
# Run with: golangci-lint run ./...
|
||||
# .golangci.yml - steamcache2 lint config
|
||||
# Philosophy: enable reasonable linters by default (golangci curated set + key additions)
|
||||
# then use most specific suppressions possible (source //nosec with justification,
|
||||
# _ = discard for errcheck on unavoidable client writes, narrow exclude-rules only for tests).
|
||||
# This makes remaining accepted issues visible and actionable in the code.
|
||||
# Run with: make lint (or golangci-lint run ./...)
|
||||
# Install: go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
|
||||
|
||||
run:
|
||||
@@ -7,42 +11,33 @@ run:
|
||||
modules-download-mode: readonly
|
||||
|
||||
linters:
|
||||
disable-all: true
|
||||
# No disable-all: use golangci defaults (errcheck, govet, ineffassign, staticcheck, unused, gosimple, etc.)
|
||||
# Explicitly enable the non-default linters we require for this LAN cache proxy.
|
||||
enable:
|
||||
# errcheck intentionally not enabled yet (pre-existing unchecked I/O in core paths).
|
||||
# Re-enable per-package after larger refactors reduce surface area.
|
||||
# - errcheck
|
||||
- gosec
|
||||
- govet
|
||||
- ineffassign
|
||||
- misspell
|
||||
- staticcheck
|
||||
- unused
|
||||
- gofmt
|
||||
- goimports
|
||||
- gosec # security checks (re-audited; see source //nosec for justified cases)
|
||||
- misspell # documentation hygiene
|
||||
- goimports # import formatting (enforced)
|
||||
# gofmt covered via linter or goimports; errcheck/govet etc. from defaults
|
||||
|
||||
linters-settings:
|
||||
errcheck:
|
||||
check-type-assertions: false # many existing unchecked in http/metrics paths
|
||||
check-type-assertions: false
|
||||
check-blank: false
|
||||
gosec:
|
||||
excludes:
|
||||
- G104 # errors unhandled in defer/close common in Go
|
||||
- G304 # file inclusion via variable (config paths controlled)
|
||||
- G115 # int->uint casts on positive cache sizes (pre-existing; safe in context)
|
||||
- G301 # MkdirAll 0755 for cache dirs (pre-existing, functional requirement)
|
||||
- G306 # WriteFile 0644 for user config (standard, not secret)
|
||||
# Broad global excludes removed (G104/G115/G301/G304/G306).
|
||||
# - G301 addressed by switching cache MkdirAll to 0700 (least privilege for CDN content).
|
||||
# - Remaining justified cases documented with precise //nosec (or #nosec) + comments at the call sites.
|
||||
# - G104 largely eliminated by errcheck + explicit _ = handling (or defer wrappers).
|
||||
staticcheck:
|
||||
checks: ["all", "-SA1019"] # allow deprecated for now if any
|
||||
checks: ["all"] # SA1019 exclusion removed (no deprecated API usages in tree)
|
||||
govet:
|
||||
enable-all: true
|
||||
disable:
|
||||
- fieldalignment # performance not critical here
|
||||
- shadow # pre-existing in large ServeHTTP; avoid noise for now
|
||||
- fieldalignment # performance tuning not a priority for this proxy appliance
|
||||
- shadow # common idiomatic "err" redeclarations in error-handling chains (large ServeHTTP, root, parse funcs); enabling adds noise with no real bugs; would require scope refactor for little gain
|
||||
|
||||
# errcheck remains disabled globally due to pre-existing noise in http and cache paths.
|
||||
# Re-enable plan: enable per-package after larger refactors; consider adding a coverage gate later.
|
||||
# Current config keeps baseline green while allowing incremental strictness.
|
||||
# Old global errcheck disable + aspirational "re-enable after refactors" comments deleted.
|
||||
# errcheck is now on via defaults. Unavoidable cases handled at source with _ = or (rarely) narrow rules.
|
||||
|
||||
issues:
|
||||
max-issues-per-linter: 0
|
||||
@@ -55,18 +50,37 @@ issues:
|
||||
- path: _test\.go
|
||||
linters:
|
||||
- errcheck
|
||||
- gosec # tests often use weak patterns intentionally
|
||||
# Pre-existing intentional empty branches (comments explain); cleaned in later refactors
|
||||
- linters:
|
||||
- gosec # tests often use weak patterns intentionally (e.g. error injection, temp files)
|
||||
# NOTE: narrow SA9003 exclude retained only for the one remaining intentional empty branch in test (best-effort status check; main assert is metrics side-effect).
|
||||
# The config one was a truly redundant check (already errored above); deleted surgically in Fix Round 1 (Issue 1), eliminating its exclude-rule.
|
||||
- path: steamcache/steamcache_test.go
|
||||
linters:
|
||||
- staticcheck
|
||||
text: "SA9003: empty branch"
|
||||
# Double-check locking idiom in predictive (content assigned only on miss path); pre-existing
|
||||
- path: vfs/predictive/predictive.go
|
||||
# Narrow gosec excludes for unavoidable classes after re-audit (LAN proxy threat model):
|
||||
# - G115: int64<->uint casts in eviction/GC math (all sizes positive, guarded by capacity checks; API uses uint for bytesNeeded)
|
||||
# - G304: path vars for Read/Open/Remove under trusted disk.root or user config file (sanitized keys, no traversal, no arbitrary inclusion from untrusted URLs)
|
||||
# G306 for config WriteFile kept as source //nosec (one site).
|
||||
# G301 fixed at source (0700 dirs). G104 addressed via errcheck fixes.
|
||||
- path: vfs/memory/memory.go
|
||||
linters:
|
||||
- staticcheck
|
||||
text: "SA4006"
|
||||
# Unused field in predictive (likely remnant); pre-existing, excluded to keep lint green for hygiene
|
||||
- path: vfs/predictive/predictive.go
|
||||
- gosec
|
||||
text: "G115"
|
||||
- path: vfs/disk/disk.go
|
||||
linters:
|
||||
- unused
|
||||
text: "mu"
|
||||
- gosec
|
||||
text: "G115"
|
||||
- path: vfs/gc/gc.go
|
||||
linters:
|
||||
- gosec
|
||||
text: "G115"
|
||||
- path: config/config.go
|
||||
linters:
|
||||
- gosec
|
||||
text: "G304"
|
||||
- path: vfs/disk/disk.go
|
||||
linters:
|
||||
- gosec
|
||||
text: "G304"
|
||||
# Predictive/* rules deleted: vfs/predictive/ removed in commit 0dbb2e0; rules were stale/dead.
|
||||
# All other suppressions use source-level //nosec (gosec) or _= (errcheck) for precision and visibility.
|
||||
|
||||
Reference in New Issue
Block a user